Microsoft Speech API – Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input.
Threat: To exploit the vulnerability, an attacker would need to convince a user to open a specially crafted document containing TTS content invoked through a scripting language.
Adobe Campaign – Arbitrary Code Execution Vulnerability
Description: Adobe has released a security update for Adobe Campaign Classic.
Threat: This update addresses a critical vulnerability that could result in arbitrary code execution.
Adobe Flash Player – Arbitrary Code Execution Vulnerability
Description: Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS.
Threat: Successful exploitation could lead to arbitrary code execution in the context of the current user.
Evernote Web Clipper for Chrome – Cross-Site Scripting (XSS) Vulnerability
Description: A universal XSS vulnerability exists in Evernote Web Clipper for Chrome allows hackers to access sensitive user information.
Threat: An attacker who successfully exploited the vulnerability could bypass the browser’s same-origin policy (SOP) and execute arbitrary code on the user’s behalf.